urlseek

Some browser hijacker, “urlseek”, is bothering me. LOL
I’ve run scans with both Avast Pro and Iobit’s Advanced System Care, and even Iobit’s Malware Fighter Pro, and this redirect malware keeps coming back, so I am thinking maybe it never left… It may have ridden in on a toolbar I had installed, but I disabled it and ran scans; however, I continue to get sent to a “urlseek” website randomly when clicking from within an email (from as benign a website as Staples) or doing a simple browser search.

So, I’m attaching the log files requested in two separate posts.

I run an iMac running OS Lion that I partitioned to run Win7 via Bootcamp from part of the hard drive. I also have a 2TB external hard drive partitioned to Mac and Win, not that it seems necessary anymore since I seem to be able to access most files from either format of that drive regardless of what OS I am working under. So, if you see several different hard drives, that’s why.

Anyway, I don’t have this problem when using FF from within the Mac OS environment, but when I am using FF from Win7, I will periodically get redirected to the urlseek crap…

LMK what I need to do to completely get rid of this malware. I have not gotten any alerts from either Avast or Iobit that specifically address a “urlseek” redirector.

Thanks,
Elizabeth

And here’s the Extras txt

Elizabeth

Thank you for posting your logs. I am going to refer you to one of our Certified Malware specialists, Jeffce. He will also review your logs and give you further instructions. He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine now that you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Jeffce or another malware removal specialist instructs you to do so in order to carry out malware removal instructions; use a different machine to check email, sync your phone or other devices.

Let us know if you have any questions. Thank you.

Hi,

Let me look these over and I will return as quickly as I can. :slight_smile:

Are you aware that your computer is set to run on a proxy server?

No, I was unaware of any proxy server.
Sorry it’s taken me a few days to get back. Been out of town, and will be going back out again in a few days, so I’d like this taken care of asap. No real rush, though, I guess, since I can certainly address any issues when I get back.
However, have you had a chance to look over the logs, and tell me what is going on? The redirecting/inability to search is getting more frequent, and I can’t work. :frowning:

Elizabeth

I am attaching new logs run today on this computer since it’s been two weeks.
Please notify Jeffce to disregard the previously posted logs, and to respond asap to my browser hijack issue. I am back in town, and can respond more quickly now.

Thanks,
Elizabeth

And here’s the new Extras file…

Elizabeth

Hi,

Welcome back…let me look these over and I will get back with you as quickly as I can. :slight_smile:

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

Run OTL.exe

- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
MOD - [2012/05/24 10:45:42 | 000,138,112 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
DRV - [2012/07/05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/16 18:59:38 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 E3 55 BA 55 1C CB 01  [binary data]
IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - No CLSID value found
IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/03/29 10:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files\wbtooltb\wbtoolDx.dll ()
O3 - HKLM\..\Toolbar: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files\wbtooltb\wbtoolDx.dll ()
O3 - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\Toolbar\WebBrowser: (no name) - {707DB484-2428-402D-AFB5-D85B387544C7} - No CLSID value found.
O3 - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKU\S-1-5-21-3045708588-2119644354-3407544181-1001..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{81032316-d5e6-11e1-a0d4-7c6d62935b09}\Shell - "" = AutoRun
O33 - MountPoints2\{81032316-d5e6-11e1-a0d4-7c6d62935b09}\Shell\AutoRun\command - "" = J:\MotoCastSetup.exe -a
O33 - MountPoints2\{b6287671-e599-11e0-85e5-7c6d62935b09}\Shell - "" = AutoRun
O33 - MountPoints2\{b6287671-e599-11e0-85e5-7c6d62935b09}\Shell\AutoRun\command - "" = K:\autorun.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
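As an added example (not from this thread or from the OTL tool), a small Python triage script that reads OTL-style log lines like the ones in the fix above and flags the kinds of entries a hijacker typically leaves: a proxy set under Internet Settings, search scopes pointing at an unexpected host, URLSearchHook/toolbar entries with no CLSID, browser modules with an empty publisher field, and AutoRun commands tied to mounted drives. The excerpt is constructed (modelled on entries quoted in the thread, with shortened SIDs) and the allowlist of expected search hosts is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt in OTL's line format (modelled on the entries quoted in this thread).
SAMPLE_OTL = r'''
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-1001\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - No CLSID value found
IE - HKU\S-1-5-21-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
O2 - BHO: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files\wbtooltb\wbtoolDx.dll ()
O3 - HKU\S-1-5-21-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O33 - MountPoints2\{81032316-d5e6-11e1-a0d4-7c6d62935b09}\Shell\AutoRun\command - "" = J:\MotoCastSetup.exe -a
'''

# Assumption: the search providers the user actually chose; any other host merits a look.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

SEARCH_SCOPE = re.compile(r'SearchScopes\\\{[^}]+\}: "URL" = (\S+)')
PROXY = re.compile(r'Internet Settings: "(ProxyServer|ProxyEnable|ProxyOverride|AutoConfigURL)" = (.*)')
CLSID = re.compile(r'\{[^}]+\}')
# O2 (BHO) / O3 (toolbar) module whose trailing publisher field is empty: "... - {CLSID} - path ()"
UNATTRIBUTED = re.compile(r'^O[23] - .*? - \{[^}]+\} - (.+) \(\)$')
AUTORUN = re.compile(r'MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (.+)')

def triage_otl(text, known_hosts=KNOWN_SEARCH_HOSTS):
    """Return (category, detail) tuples for lines that merit review, in log order."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := SEARCH_SCOPE.search(line):
            host = urlparse(m.group(1)).hostname
            if host not in known_hosts:          # searches routed to an unexpected provider
                findings.append(("search_scope", host))
        elif m := PROXY.search(line):            # a proxy the user did not set up intercepts traffic
            findings.append(("proxy", f"{m.group(1)} = {m.group(2)}"))
        elif "No CLSID value found" in line:     # orphaned hook/toolbar registration
            findings.append(("dangling_clsid", CLSID.search(line).group(0)))
        elif m := UNATTRIBUTED.match(line):      # browser module with no publisher at all
            findings.append(("unattributed_module", m.group(1)))
        elif m := AUTORUN.search(line):          # AutoRun command bound to a mounted drive
            findings.append(("removable_autorun", m.group(1)))
    return findings

if __name__ == "__main__":
    for category, detail in triage_otl(SAMPLE_OTL):
        print(f"{category:20s} {detail}")
```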


Jeffce,
I tried three times to run the OTL Fix, and each time it started killing processes, then stopped responding. :frowning:
I manually disabled Iobit’s programs and Avast, and tried to re-run the fix again, and it still stopped responding.

Let me know what else you would like for me to try.

Elizabeth

Hi,

Let’s break out the big boy. :slight_smile:

Download Combofix from the link below, and save it to your desktop.
Link

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


- Right-click and Run as Administrator on ComboFix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.


I got the OTL fix to run, but am experiencing some really slow internet speeds (speedtest came back 0.50/0.10 on my DSL), so I couldn’t upload the txt file. Don’t know if my internet speed timeouts are related to the hijacker issue we’re working on, or if I just need a new router/modem. But I’m working on a workaround to get the files uploaded, and I’m also having to troubleshoot the router/modem.
So, please, bear with me. :slight_smile:
Elizabeth

No problem. :slight_smile:

Here’s the OTL txt; I will run the combo fix in a bit.

BTW, my scheduled scan ran last night and came back with a JSReloader trojan(?), so I deleted it and let a boot time scan run… Sorry if that screws up the results of the OTL txt. I can re-run it again if you’d like.

Elizabeth

Ugh! Combofix won’t run.
I’ve been running as administrator each time, and it gets hung up on the blue screen where it says “Scanning for infected files… etc.” I’ve let it sit undisturbed now three times… for a couple hours each time. When I come back to check on it, nothing has changed, and the program is unresponsive.
Did the OTL show anything?

Hi,

FRST

For 32 bit systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64 bit systems, download Farbar Recovery Scan Tool64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select “Computer” and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Here you go!

Elizabeth

Download Combofix from any of the links below but rename it to Vageta.com before saving it to your desktop.

Link 1
Link 2

==================================

Right-click and Run as Administrator on the renamed ComboFix.exe & follow the prompts.

- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt so we can continue cleaning the system.

Still not working. >:(
How can I uninstall both the Combofix and the renamed Vegeta.com? I was going to uninstall them, then rename and download it again to see if the name change would work a second time, but I can’t uninstall the programs. I get a message that Combofix.exe is in use when it shouldn’t be after reboot.

Anyway, that’s where I am now. I let the renamed Combofix run all night and it was still hung up in the am.

thanks,

Elizabeth

Ok…I would say that this is part of the infection blocking our tools.

Click the Windows Start button > in the Start Search bar type Run >> Select ‘Run’ - then copy/paste this into the run box & click OK: (assuming ComboFix.exe is on the desktop as was instructed)

“%userprofile%\desktop\combofix.exe”

If ComboFix creates a log please post that.